08-11-2009, 10:12 PM   #241
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Originally posted by jptreen:
Also if it comes to the point where you are calling for donations make it very clear because I would love to offer what support I can.
Read the first post of the thread. I update it frequently and it contains stuff about donations.

08-11-2009, 10:13 PM   #242
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Originally posted by zezo:
Definitely from the debug menu. I just finished reading the entire thread and was going to comment on that too.
If you look at the screenshots from IDA, you'll notice that they are in a function named SWITCH_TEST already :-)
08-11-2009, 10:18 PM   #243
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Originally posted by WheresWaldo:
I also have a Samsung GX-1S with v1.02 firmware and the ROM dumps are a different size: the CPU is still 256KB but the DSP is only 4096KB instead of 8192KB.

You must use MODSET.TXT and the commands must be in []'s.

The file dumps are ST410CPU.BIN and ST410DSP.BIN. If you are interested I can email them to you.

Thanks. ZIP them and send to my email.


Originally posted by darky_mtp:
No matter what I tried, no dump.
Debug mode must be on for it to work.
Consult zezo if you still have problems dumping.
08-11-2009, 11:01 PM   #244
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Originally posted by Paul MaudDib:
I am trying to bang something out in C# to find bitmaps in the hex. The stuff I have right now is very rough. I can't do more than crude searching for the magic number and file size without a real file to try and decode the bitmap format from.

If you have it, a valid bmp would be great too. Doesn't even have to be from these cameras, if you've got one from a DIGIC processor would help although it's not obviously as useful as being handed a blueprint of what to search for.

e: there is nothing with normal magic numbers in it. How do you think there are BMPs in there and how should I try to get them out?
No, it is not BMP files.
And we don't know their format. It can be anything from 1-bit images to 32-bit RGBA images. So we need to do a visual search first: displaying the bitmap on screen, shifting the start address (up to one bit) and changing the bitmap size.


Last edited by tr13; 08-11-2009 at 11:06 PM.
08-12-2009, 12:11 AM   #245
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Tried SYSPARAM.TXT:
[STOREAE] 1@[STOREPREBAYER] 1@[STOREBAYER] 1@[STOREPREDARK] 1@[STOREGEN] 1@[STORECPU] 1@[STOREAF] 1@[STOREWD] 1@[STOREIQWD] 1@[STOREDP] 1@[STOREDEFECTPIXELDATA] 1@

(above is one line! and in debug mode only!)

And for each shot I got one text file with a lot of data and a few raw files.

Note! To turn all this off:
[STOREAE] 0@[STOREPREBAYER] 0@[STOREBAYER] 0@[STOREPREDARK] 0@[STOREGEN] 0@[STORECPU] 0@[STOREAF] 0@[STOREWD] 0@[STOREIQWD] 0@[STOREDP] 0@[STOREDEFECTPIXELDATA] 0@

But I still got a text file for each shot (same as with [STOREAE] 0).
It looks like it dumps data if SYSPARAM.TXT is present. Or [STOREAE] doesn't work.
08-12-2009, 12:29 AM   #246
Veteran Member




Join Date: Jan 2009
Location: Budapest
Posts: 821
Originally posted by darky_mtp:
Did you leave the card door open?
Believe me, I tried it every possible way. It simply doesn't work. I've yet to see anyone confirm that this works on K-m.
08-12-2009, 12:45 AM   #247
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Originally posted by simico:
Believe me, I tried it every possible way. It simply doesn't work. I've yet to see anyone confirm that this works on K-m.
Try this program to turn debug mode on; on GX20 it works.
AF adjustment in the K100D Super, GX-10 and K10 v1.30! - Penta-club Forums
08-12-2009, 01:09 AM   #248
New Member




Join Date: Aug 2009
Location: Sofia
Posts: 22
Originally posted by Class A:
Welcome to the forums zezo!
Perhaps the number extensions are not about obfuscation but about allowing the use of generic.txt files for all models and specific number extension files to target special models only. A camera might even take ".txt" and ".XYZ" files into consideration if they are present at the same time?
You are right about the numbers - they will allow a single SD card to be used to service different models, but I was referring to another thing. In firmware files prior to K10D v1.30, file names appear as plain text and are easily identifiable with a hex viewer or the 'strings' unix command line utility. That makes it very easy to guess their usage, as the contained commands are near the file names, so you don't even need to disassemble the file, you just have to guess the syntax (well, finding the parser in the asm file and noticing that it searches for [ and ] helps the process ;).

strings FWDC162B.BIN looks like this:
C:\MODSET.TXT
C:\MODSET.TXT
DEBUG_MODE EN
DEBUG_MODE DIS
CFDOOR_OPEN EN
CFDOOR_OPEN DIS
...

and in the corresponding 1.30 section file names are 'encrypted':
fylgvmlk|nvdlg|)z~vmlk|nvdlg| lg)z~vmlk|nvdlg| m`z)elgzvjy|vo`{d|y)
DEBUG_MODE EN
DEBUG_MODE DIS
CFDOOR_OPEN EN
CFDOOR_OPEN DIS
...
But in the end the garbage in the first line still decodes to 'C:\MODSET.TXT'
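
The post does not say how the 1.30 names are obscured. The following is an added example, not code from the thread: it assumes a single-byte XOR and picks the key under which the bytes best fit the uppercase command and file-name alphabet seen in the plaintext listing. The function names, the scoring alphabet and the window size are assumptions.

```python
import string

# Alphabet of the plaintext names in the thread (DEBUG_MODE EN, C:\MODSET.TXT, ...).
ALLOWED = frozenset((string.ascii_uppercase + string.digits + "_:\\. \t\0").encode())

# Constructed sample: the obfuscated run quoted in the post, as displayed there.
BLOB = rb"fylgvmlk|nvdlg|)z~vmlk|nvdlg| lg)z~vmlk|nvdlg| m`z)elgzvjy|vo`{d|y)"

def xor(data, key):
    return bytes(b ^ key for b in data)

def score(plain):
    """Fraction of bytes that fit the command/file-name alphabet."""
    return sum(b in ALLOWED for b in plain) / len(plain)

def best_key(data):
    """Try all 256 single-byte keys; return (key, score) of the best fit."""
    key = max(range(256), key=lambda k: score(xor(data, k)))
    return key, score(xor(data, key))

def recover_strings(data, min_len=4):
    """Decode with the best key and split the result on NUL terminators."""
    key, _ = best_key(data)
    parts = xor(data, key).split(b"\0")
    return key, [p.decode("ascii", "replace") for p in parts if len(p) >= min_len]

def find_obfuscated(image, window=32, threshold=0.95):
    """Offsets of windows that only look like names under a non-zero key."""
    hits = []
    for off in range(0, len(image) - window + 1, window):
        chunk = image[off:off + window]
        key, best = best_key(chunk)
        if key != 0 and best >= threshold and score(chunk) < threshold:
            hits.append((off, key))
    return hits

if __name__ == "__main__":
    key, names = recover_strings(BLOB)
    print(hex(key), names)
```

`find_obfuscated` applies the same test window by window, so a firmware image can be checked for other runs that `strings` would show only as noise.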

08-12-2009, 01:18 AM   #249
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
We could also check the camera's true noise using
[DISABLENR] 1@
:-)
As far as I remember, disabled NR at low ISO (in RAW) is considered one of the K7's advantages.
08-12-2009, 01:50 AM   #250
New Member




Join Date: Aug 2009
Location: Sofia
Posts: 22
Originally posted by tr13:
No, it is not BMP files.
And we don't know their format. It can be anything from 1-bit images to 32-bit RGBA images. So we need to do a visual search first: displaying the bitmap on screen, shifting the start address (up to one bit) and changing the bitmap size.
I was able to extract somewhat useful bitmap information using raw2tiff. This command line utility (part of libtiff) lets you set different parameters of the raw data - format, x-resolution and so on. The result looks like this: http://zezo.org/144.png and http://zezo.org/288.png. You need an image viewer that can handle 15000/30000 vertical pixel images (firefox works for me). Fonts and bitmaps are identifiable. The same can be done with different x resolutions, and different things come into alignment. This is a grayscale conversion, so it looks like 8-bit indexed palette images.

Last edited by zezo; 08-12-2009 at 02:21 AM. Reason: Ooops. Replaced TIF files with PNG so they open directly in browser but forgot to change the links.
08-12-2009, 02:32 AM   #251
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Amazing. Some pictures are very good looking. Parts of fonts can be seen too.
Anyway, we need some tool to extract all this to separate bitmap files.
A font can be stored inside one image.
Make something like a configuration text file:
font1 offset=0x55555 length=0x2000 height=0x10 width=0x300 bpp=8
etc.

Last edited by tr13; 08-12-2009 at 02:32 AM. Reason: P.S. First file doesn't work for me (File not found).
08-12-2009, 02:33 AM   #252
Senior Member




Join Date: Aug 2009
Location: "around"
Posts: 116
Originally posted by tr13:
Read first thread post. I update it frequently and it contains stuff about donations.
OK tr13!

Doesn't help that I started reading this thread when you started it and have seen it grow from the off getting steadily more over my head. I've also checked your site a lot and have seen no mention of the 'donations' thing there...Now I've checked the first post I see.

Keep up doing whatever it is you're doing! If my K10D ever fails, I might just post it to you.
08-12-2009, 02:56 AM   #253
New Member




Join Date: Aug 2009
Location: Sofia
Posts: 22
Originally posted by tr13:
Amazing. Some pictures are very good looking. Parts of fonts can be seen too.
Anyway, we need some tool to extract all this to separate bitmap files.
A font can be stored inside one image.
Make something like a configuration text file:
font1 offset=0x55555 length=0x2000 height=0x10 width=0x300 bpp=8
etc.
You can do that with raw2tiff and some scripting. From the help:

-H # size of input image file header in bytes (0 by default)
-w # width of input image in pixels
-l # length of input image in lines

-H is same as offset

It would be better to make the tool aware of bitmap index tables, so you give it bitmap dimensions + table address and length and it extracts all images. Looks like 20 lines of perl to me.

BTW I've in fact tried to modify the K100D firmware to allow some FA functionality with A lenses (auto/selectable focus points) - that was the reason for generating those tif files.

The route I took was finding the AF point menu bitmaps, cross referencing that back to the subroutine that uses them, finding the global variable that holds focus point selection information and then trying to find the subroutines that refer to that and limit the choice depending on lens. Got some partial success after patching 7-8 conditional jumps - the menu items were no longer grayed and you could choose different focus modes with A lens, but the real check was left out and the camera still used only the central point.

The other approach - finding all references to the variable containing lens type - was almost impossible. A lot of pointers to static and dynamic structures passed between subroutines, with some things being asynchronous - running in interrupt handlers or separate processes. Maybe a very advanced disassembler can help here, but it has to be almost to the level of the x86 module.

Last edited by zezo; 08-12-2009 at 03:02 AM.
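
The region extractor discussed in the two posts above, as an added example that is not code from the thread: it reads tr13's `name offset=... length=... height=... width=... bpp=...` line format, bounds-checks each region against the firmware image, and returns it as a binary PGM. The function names, byte-padded rows, MSB-first bit order for 1-bit data and the PGM output are assumptions.

```python
FIELDS = ("offset", "length", "height", "width", "bpp")

def parse_entry(line):
    """Parse 'name key=value ...'; values may be hex (0x...) or decimal."""
    name, *pairs = line.split()
    entry = {"name": name}
    for pair in pairs:
        key, _, value = pair.partition("=")
        entry[key] = int(value, 0)
    return entry

def row_bytes(e):
    # Assumption: each row is padded to a whole number of bytes.
    return (e["width"] * e["bpp"] + 7) // 8

def check_entry(e, image_size):
    """Return a list of problems; an empty list means the region is safe to read."""
    missing = [f for f in FIELDS if f not in e]
    if missing:
        return ["missing fields: " + ", ".join(missing)]
    problems = []
    if e["bpp"] not in (1, 8):
        problems.append(f"unsupported bpp {e['bpp']}")
    if min(e[f] for f in FIELDS) < 0 or e["width"] == 0 or e["height"] == 0:
        problems.append("negative or zero dimension")
    need = row_bytes(e) * e["height"]
    if need > e["length"]:
        problems.append(f"bitmap needs {need:#x} bytes, length is {e['length']:#x}")
    if e["offset"] + e["length"] > image_size:
        problems.append("region runs past the end of the image")
    return problems

def extract_pgm(image, e):
    """Return the region as a binary PGM (P5); 1-bit pixels become 0 or 255."""
    problems = check_entry(e, len(image))
    if problems:
        raise ValueError(f"{e['name']}: " + "; ".join(problems))
    rb, w, h = row_bytes(e), e["width"], e["height"]
    raw = image[e["offset"]:e["offset"] + rb * h]
    if e["bpp"] == 1:  # assumption: most significant bit is the leftmost pixel
        rows = (raw[r * rb:(r + 1) * rb] for r in range(h))
        raw = b"".join(
            bytes(255 * (b >> (7 - i) & 1) for b in row for i in range(8))[:w]
            for row in rows)
    return b"P5\n%d %d\n255\n" % (w, h) + raw
```

Run on the sample line from the post, `check_entry` reports that a 0x300 by 0x10 bitmap at 8 bpp needs 0x3000 bytes while the stated length is 0x2000.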
08-12-2009, 03:21 AM   #254
New Member




Join Date: Mar 2008
Posts: 19
Debug mode already activated: power on without SD card prints "Debug Mode" on screen.
SD card has both SYSPARAM.442 and SYSPARAM.TXT with [STOREAE] 1@ (tried with and without CR).
Tried to power on with card door open and closed, with and without pressing menu button.
No new file on card.
I have a K20D 1.03.
08-12-2009, 03:25 AM   #255
Veteran Member




Join Date: Jul 2009
Location: Russia
Posts: 343
Original Poster
Quote:
It would be better to make the tool aware of bitmap index tables, so you give it bitmap dimensions + table address and length and it extracts all images. Looks like 20 lines of perl to me.
I am old fashioned. I like pure code, and don't like quick and dirty scripts. :-)
For me it is faster to write a small console project.
But we have a bunch of people who know Perl here :-)

Quote:
BTW I've in fact tried to modify the K100D firmware to allow some FA functionality with A lenses (auto/selectable focus points) - that was the reason for generating those tif files.
The route I took was finding the AF point menu bitmaps, cross referencing that back to the subroutine that uses them, finding the global variable that holds focus point selection information and then trying to find the subroutines that refer to that and limit the choice depending on lens. Got some partial success after patching 7-8 conditional jumps - the menu items were no longer grayed and you could choose different focus modes with A lens, but the real check was left out and the camera still used only the central point.
Patching conditional jumps is the fastest way, but also the most problematic one.
In reality we need a fully disassembled listing with xrefs, so we could reverse things back, going up to 20 steps sometimes :-)
Normally these things are stored inside some sort of structures.

Quote:
The other approach - finding all references to the variable containing lens type was almost impossible. A lot of pointers to static and dynamic structures passed between subroutines, with some things being asynchronous - running in interrupt handlers or separate processes. Maybe very advanced disassembler can help here, but it has to be almost to the level of the x86 module.
I don't think so, as I did similar things for old Nikon P&S cameras. And this was ARM.